[ Merge of http://go/wvgerrit/124063 ]
LicenseDurationRemaining used to indicate the minimum of rental or
license duration till OEMCrypto v16. OEMCrypto v16 onwards it began
reporting rental duration alone.
This is confusing for app developers and content partners. Keeping
LicenseDurationRemaining as apps may depend on it but adding
RentalDurationRemaining for clarity.
Bug: 186838303
Test: WV unit/integration tests, WvCdmRequestLicenseTest.QueryKeyStatus
Change-Id: I6c507150a0945ee36716b4da189f5741b092c0ec
[ Merge of http://go/wvgerrit/123263 ]
In b/65839890 we discovered that an android app loaded an offline
license more than once in a session. We did not intend to allow
this behavior but did not prohibit it. OEMCrypto v16 disallowed
this behavior at the OEMCrypto level but we worked around it
within the CDM to maintain the bad behavior. Now that we have confirmed
that the app no longer relies on that behavior, we are reverting
the CDM workaround.
Bug: 161865160
Test: WV unit/integration test, GtsMediaTestCases
Amazon, Netflix, Google TV streaming and offline playback.
Change-Id: I31254e4c13b81587f88c6c684d08d5aa5c18e39d
* changes:
Fix CDM Builds w/ OEMCrypto_ERROR_INVALID_ENTITLED_KEY_SESSION
Fix unused param warnings in oemcrypto fuzz test
Add http socket tests to other tests
Turn on ODK tests in CE CDM test and fix test helper
Merge from Widevine repo of http://go/wvgerrit/122224
This CL removes the separate main() in http_socket_test that
allowed the user to set the server on the command line. I
don't think anybody was using this, and it conflicted with
our desire to include this suite of tests with the other CE
CDM tests running on Luci.
test: ran http_socket_test
bug: 118657876
Change-Id: I9228b9cc97a0af2afd1bb4a99bc40b88ce956d67
[ Merge of http://go/wvgerrit/123103 ]
This corrects setting of first and last playback times stored by the
CDM on rollback. Earlier usage information from the usage entry in
OEMCrypto would be ignored on rollback even when available.
Information stored along with the license in persistent storage would
be used instead.
A new test with longer duration expiry has been added as well as some
additional verification.
Bug: 186199213
Test: WV unit/integration test
Change-Id: I601f9584a8a0c5137ce68546f8ec833bf2e70cc5
[ Merge of http://go/wvgerrit/122885 ]
A recent change to the license service resulted in PSTs being inserted
into persistent renewable licenses even when not specified by the
content provider. This caused ReleaseOfflineKeySessionUsageDisabledTest
to fail. The asset was changed to use a policy for a persistent
license without renewal.
Offline_RollbackBeforeRestoreKey failed because the duration of the
license is short. It has expired when the clock is restored after a
rollback.
Bug: 181693982
Test: request_license_test
Change-Id: I0a2c2a09e563c81c134fba1f310deb1eb4de26a3
[ Merge of http://go/wvgerrit/122183 ]
Support for CBC1 and CENS encryption modes is no longer required with
OEMCrypto v16. Removing tests to enforce them. The tests will validate
CENC and CBCS mode.
Bug: 181693982
Test: request_license_test
Change-Id: I350d315528c753b70dbf1b1cc46f2897002333fb
[ Merge of http://go/wvgerrit/122103 ]
When in CTR mode an encryption pattern should no longer be specified.
This will address failures in Cdm/WvCenc30Test.DecryptionTest/* and
Cdm/WvCenc30SwitchCipherModeTest.DecryptionTest/*
Bug: 181693982
Test: WV unit/integration tests
Change-Id: Iecbf28b51115501439aebf057056657c796896ae
The android CL ag/13947818 was submitted before some CE CDM test
failures were noticed and code review comments were received.
Bug: 184813991
Test: WV unit/integration test
Change-Id: Ic31ca5bc5e46994e01eca56248e6bdffedd779f3
[ Merge of http://go/wvgerrit/119806 ]
This change replaces all calls for base64 encoding which first converts
a string to a vector. The new base64 encoding function allow for
encoding binary data contained within strings.
Bug: 181732604
Test: Android unittests
Change-Id: Ibfe79dba99e6a2ee2f2a96e85b62fbd22519aea7
[ Merge of http://go/wvgerrit/120512 ]
Wrapped DRM private keys are loaded when a key request is made or when
offline/usage sessions are restored. They were earlier loaded when a
session was opened.
For streaming sessions, key material will be fetched from the default
or legacy certificates and loaded when a key request is made.
For offline and usage sessions, key material may be retrieved from
license or usage records if available. If not available, information
associated with the legacy certificate will be loaded.
Certificate and wrapped keys are also written out when an offline
license or usage record is saved.
Bug: 169740403
Test: WV unit/integration tests
WvCdmRequestLicenseTest.ProvisioningWithExpiringCertTest
WvCdmRequestLicenseTest.StreamingWithExpiringCertTest
WvCdmRequestLicenseTest.RestoreOfflineKeysWithExpiringCertTest
Change-Id: Ice0154c632170c46da171cbbb23a97380c610a98
[ Merge of http://go/wvgerrit/120123 ]
DRM certificate creation and expiration times are now validated.
* New DRM (default) certificates will have an expiration time specified
by the provisioning service.
When stored, the client will include the time the certificate was
received. This allows for expiration calculation to occur when client
and provisioning service clocks are out of sync.
When read out, creation, expiration and acquisition times are
validated. The certificate is checked for expiry by making sure
that the time at the client since the license was acquired is not
greater than the expiration period. The time information stored at the
client may be tampered with. The license service will perform an
expiration check and reject the license request if tampered with.
The expiration time may be set to never expires/unlimited. This is not
a valid value for creation or acquisition time.
* Pre-existing (legacy) certificates from upgrading devices will not
have an expiration time set by the provisioning service. Instead
the client will calculate an expiration time 6 months with + or -
a random two month period in the future. This is stored along with the
certificate.
When read out, if no expiration time has been set by the client, one
will be calculated and written out. The certificate will be declared as
valid. If a client calculated expiration time is present, the
certificate will be validated. In case of tampering, the license service
can reject license requests and force reprovisioning when appropriate.
* ATSC certificates will continue to not have an expiration time.
No additional validation is required.
Other changes for non-ATSC licenses involve managing both default and
legacy certificate co-existance. When checking for DRM certificates,
the default certificate is attempted first. This is followed by a check
for the legacy certificate, if the default certificate is not present.
Bug: 169740403
Test: WV unit/integration tests
DeviceFilesTest.StoreCertificateInvalidParams
DeviceFilesTest.RetrieveAtscCertificate
DeviceFilesTest.RetrieveAtscCertificateNotFound
DeviceFilesTest.RetrieveCertificateInvalidParams
DeviceFilesTest.RetrieveLegacyCertificateWithoutExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateWithClientExpirationTime
DeviceFilesTest.RetrieveLegacyExpiredCertificateByClientExpirationTime
DeviceFilesTest.RetrieveLegacyCertificateInvalidClientExpirationTime
DeviceFilesTest.RetrieveCertificateWithoutKeyType
DeviceFilesTest.RetrieveDefaultCertificate
DeviceFilesTest.RetrieveDefaultCertificateNeverExpires
DeviceFilesTest.HasCertificateAtsc
DeviceFilesTest.HasCertificateDefault
DeviceFilesTest.HasCertificateLegacy
DeviceFilesTest.HasCertificateNone
CertificateTest.StoreCertificateTest.DefaultAndLegacy/*
CertificateTest.RetrieveLegacyCertificateTest.ErrorScenarios/*
CertificateTest.RetrieveDefaultCertificateTest.ErrorScenarios/*
Change-Id: I7dbec7555fbd493c1ec61c6bb5d9428a2405b1fd
[ Merge of http://go/wvgerrit/119843 ]
Creation and expiration times are extracted from the device DRM
certificate. They are reported as
* -1 if not set in the proto
* 0 if unlimited
* positive number otherwise
Bug: 169740403
Test: WV unit, integraiton tests
Change-Id: I9463954dfeb82b6a88ff5d608ed74d20f2424e83
[ Merge of http://go/wvgerrit/119804 ]
The coverage framework used by Android requires the process to call
exit() for coverage information to be dumped after the tests.
Android unit tests have been adapted to use the a new main module.
The core test_main.cpp used by integration tests has been updated to
call exit().
Bug: 138941105
Test: Linux and Android unittests
Change-Id: Ifffc7b8290c50dffe527738a36547c1d2fb90bd3
This commit is a combination of the following:
* http://go/wvgerrit/117003
* http://go/wvgerrit/118303
Bug: 162255728
Test: MediaDrmTest#testGetLogMessages
Change-Id: I5699b64d5c4bab463e5b587595fa7d324dc1d93f
[ Merge of http://go/wvgerrit/117267 ]
The client will now advertise the ability to handle provisioning errors
by a minor version updated to the provisioning protocol version.
The provisioning service may indicate that the individual device
is revoked or all devices with the same make/model have been revoked.
If the provisoning service has not been upgraded, the protocol version
field in the request will be ignored. The provisioning service/SDK
will respond with an HTTP 400 error to a provisioning request from
a revoked device.
Bug: 174174765
Test: WvCdmRequestLicenseTest.ProvisioningRevocationTest,
WV unit/integration tests
Change-Id: I5ff61496685f310de6704a90452b8b76b3505cbb
[ Merge of http://go/wvgerrit/110923 ]
The CDM is responsible for telling OEMCrypto the underlying DRM
private key type when loading it into a session. To do this, the
CDM must determine and store the key type of a successfully loaded
provisioning response. The type of key is available from the
DRM certificate proto that is provided in the reponse.
This change introduces a class to contain the wrapped key and
type together. To store the type, the CDM device files have been
updated to include a key type with the DRM certificate and to
store from and load to the new class.
Unittests have been updated for using the new class where the
wrapped key was used before.
Test: Linux unit tests
Bug: 140813486
Change-Id: I09249afe9c291632fb651ecd00eac697d6939ec7
(cherry picked from commit 6c457402e944079271cef488aa4699f986da6a2e)
Merged-In: I09249afe9c291632fb651ecd00eac697d6939ec7
Cherry pick from http://go/wvgerrit/102986, rvc-dev branch of
http://go/wvgerrit/105825, rvc-widevine-release of http://go/ag/12561661
This CL adds several integration tests that match the duration use
cases. The test classes are designed for the core cdm, but the test
cases match those found in oemcrypto/odk/test/odk_timer_test.cpp.
See this document for a list of use cases:
libwvdrmengine/docs/License_Duration_and_Renewal.pdf
Test: Ran the tests against v16 OEMCrypto. Some fail against v15.
Bug: 161463952
Change-Id: I7cd424ae241d3897fbd06956e87dd9da0752cb6d
Cherry-pick from branch rvc-dev of http://go/wvgerrit/105824 and
rvc-widevine-release http://go/ag/12561660
This adds two policy integration tests to verify that we are handling offline
licenses correctly.
Bug: 161023174
Bug: 129301787
Test: WV unit/integration tests
Change-Id: I20f5d6a9fbfd2ff8cff361e1005e45b46c700704
[ Merge of http://go/wvgerrit/108084 ]
The Widevine License Agreement has been renamed to use inclusive
language. This covers files in the android directory.
Bug: 168562298
Test: verified compilation (comment only change)
Change-Id: I0f9e6445e0168ebe85425baeb81371e182e5a39c
[ Merge of http://go/wvgerrit/107763 ]
This CL enables the ability to query the CDM for the analog output
capabilites of the device. Due to the number of possibilities that
OEMCrypto can report, two queries are exposed:
- Output capabilities: None, Supported, CGMS-C, Unknown
- Can disable: True, False, Unknown
Bug: 168322023
Test: Android integration test
Change-Id: I8036a89237d698f170d2c1901c41d1d6b708c917
This is a cherry pick of recent changes to OEMCrypto and ODK. Most of
these are part of the document migration to doxygen.
See http://go/wvgerrit/106005 and its parents for code reviews.
Bug: 144715340
Bug: 148232693
Bug: 167580674
Change-Id: I658f99c8117b974faed97322d61fac0f382283af
Merge from http://go/wvgerrit/105767
To avoid conflict with metrics.proto in
frameworks/av/drm/libmediadrm/proto.
This is in preparation of moving metrics_dump tool
to build under Android.
bug: 161783052
Test: unit test
Test: Play Movies & Tv and Netflix streaming
Change-Id: I2406b66db4d61cca7c6260ea8847a555d96c8d42
[ Merge of http://go/wvgerrit/105025 ]
Clang and GCC allow for warnings against the arguments for printf-like
functions (e.i. LOGx). These validate that the format type specified
in the format string match the corresponding argument type.
Most of the time, format specifer errors are benign; hence why they
haven't been seen as an error so far. However, with the enabling of
specifier warnings and the enabling of warnings as errors on certain
platforms, these existing errors need to be addressed.
This CL enables format specifier warnings for most of the Widevine
code, with the OEMCrypto L3 implementation which has a single error
which requires a fix in the haystack code before being fixed in the
Widevine branch.
Strict format string warnings are not enabled for non-LP64 systems.
Bug: 137583127
Test: Compiled for Linux and Android
Change-Id: I051398332d31a20457b86563a90ad8f6d428445f
[ Merge of http://go/wvgerrit/103243 ]
Include review comments from wv gerrit CL.
Bug: 161551490
Test: WV unit integration tests, GtsMediaTestCases and
WidevineConcurrentDrmCertificatesTest#testConcurrentDrmCertificates,
MediaDrmTest#testMultipleLoadKeys on a redfin
Change-Id: Ie9b41a2e68b95692f9353578f6955637411d4dfc
[ Merge of http://go/wvgerrit/103243 ]
In v16, OEMCrypto specifications required that an error be returned if
multiple attempts are made to load an offline license into a session.
This caused the GTS test testConcurrentDrmCertificates to fail. It was
introduced to verify that a license could retrieved and loaded into a
session and then restored. This was based on an app use case.
Ideally we would like to disallow a this behavior but need to make sure
it is not being used by apps.
For now this will be allowed. If detected, the CDM will reintialize the
OEMCrypto session and allow the license to be restored.
Bug: 161551490
Test: WV unit integration tests, GtsMediaTestCases and
WidevineConcurrentDrmCertificatesTest#testConcurrentDrmCertificates,
MediaDrmTest#testMultipleLoadKeys on a redfin
Change-Id: I0834e4419c3a6dccfd77aaea3afa3d65c2c0c742
[ Merge of http://go/wvgerrit/102068 ]
CDM sessions should not be able to load multiple usage entries.
OEMCrypto already prevents multiple entries from being loaded by the
same OEMCrypto session; however, restoring a key typically creates a
new OEMCrypto session, which should not be allowed twice within the
same CDM session.
This test verifies that CDM returns an error if restore key is called
multiple times within the same session.
Bug: 136143733
Test: Android integration test
Change-Id: I594c91250217fd958837328162f909bc931d373f
[ Merge of http://go/wvgerrit/100905 and http://go/ag/10708438 ]
Add support for ATSC certificate and licenses handling. ATSC
files are distinguished from the apps DRM certificate and licenses
by file naming conventions.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I295f66f92fe01d7716978deac9dc360d74addedd
[ Merge of http://go/wvgerrit/100864 and http://go/ag/10704773 ]
ATSC 3.0 allows for licenses to be downloaded OTA and are tied to
a DRM certificate that may be shared across apps. The provisioning
process for ATSC may happen at the factory or during an OS update.
This contrasts from the regular OTT model, which requires that
provisioning and license download have an uplink as well as a
downlink connection.
This adds support for the ATSC mode property. ATSC mode can only be
set (or unset) before sessions are opened. Once the CDM identifier is
set/sealed, requests to modify the ATSC mode will be rejected.
If one needs to open sessions with both ATSC mode and regular (non-ATSC)
mode, separate MediaDrm objects will need to be created. The default
mode is to not use ATSC.
Enable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "enable")
Disable ATSC mode by calling
mediaDrm.setPropertyString("atscMode", "disable")
Provisioning and unprovisioning requests for ATSC will be rejected as
certificates will be retrieved by the ATSC service.
Bug: 139730600
Test: WV unit/integration test, GtsMediaTestCases
Change-Id: I142f286c711fe007ff42125c3c8cdc6450b6ea36
[ Merge of http://go/wvgerrit/100403 ]
VersionNumberTest.VersionNumberChangeCanary was expecting a version
string of "R". However, Android rvc branch is now far enough into
development to use a numbered version: version "11".
Bug: 156853733
Test: Android license request test
Change-Id: I63d33f742c849b672b2d2402ab8423fdf2450f6f
Merge from Widevine repo of http://go/wvgerrit/100328
Several integration tests in WvCdmRequestLicenseRollbackTest had been
testing the duration of a license. However, the license they request
sets the playback duration and not the rental duration. That means the
timer we are checking does not start until the first playback. To fix
the tests, we simply add a decrypt operation right after the license
is received.
Test: integration tests w/v16 mod mock.
Bug: 156854660
Change-Id: Ie4f017c82db8aaf084ad050de3fcb7f51987c97e
Merge from Widevine repo of http://go/wvgerrit/99843
When processing a license release, the license is not loaded, so
OEMCrypto does not know nonce version information for the core
message. It assumes that all license releases are v15, so it is not an
error for a license release to not have a core message.
This CL also adds some extra logging to tests so that we can track
content id and the pssh. This CL also updates some of the test content
policies when running the local license server. The local license
server is only used for debugging problems.
Bug: 152648172 Integration test WvCdmEngineTest.LicenseRenewal failing
Bug: 156259697 License release does not need core message
Test: Unit tests with v16 mod mock
Change-Id: I04c896adadfb17877ce1115345d2419e0d2489f0
[ Merge of http://go/wvgerrit/97963 ]
There are situations where an offline license file will remain on the
system after it's usage entry has been deleted. This would result in
its key set ID being reported as present by the CDM, but any
operations acting upon it will result in an error.
The app should be able to remove the license without error, so long
as the license file exists and no other OEMCrypto operations fail.
This change introduces a new error code LICENSE_USAGE_ENTRY_MISSING,
which indicates that a license's usage entry cannot be found.
A new integration test checks that the CDM can handle the calls to
removeOfflineLicense().
Bug: 137034719
Test: Android unit and integration tests
Change-Id: Ibdbe963b7f7e3ac97b446300d8e3896cdee7abc5
